
Re: replication security (i)



hi quanah.

i've been using the oreilly book on ldap admin for a bit of guidance on this, but from what i can make out any changes i make to the slave stay there and aren't redirected to the master... (with readonly turned off that is)

is it password related? does it make a difference which hashed password i use for the rootdn (ie. can i use the same SSHA coded password at both ends or do i have to generate them separately?)

or am i barking up the wrong tree? :-)

john

 --- On Wed 11/09, Quanah Gibson-Mount < quanah@stanford.edu > wrote:
From: Quanah Gibson-Mount [mailto: quanah@stanford.edu]
To: jhalfpenny@excite.com, OpenLDAP-software@OpenLDAP.org
Date: Wed, 09 Nov 2005 12:00:36 -0800
Subject: Re: replication security

--On Wednesday, November 09, 2005 7:05 AM -0500 John Halfpenny
<jhalfpenny@excite.com> wrote:

>
> hi everybody,
>
> i have a couple of small questions regarding my openldap replication
> setup, if anyone knows the answers i would appreciate it enormously :-)
>
> if i run with a cleartext password for the updatedn, and turn off
> readonly on the slave, all works well, i.e.
>
> master-
>
> replica host=master.my.local:389
>  binddn="cn=Manager,dc=my,dc=local"
>  bindmethod=simple credentials=mypass
>  syncrepl
>
> slave-
>
> updatedn "cn=Manager,dc=my,dc=local"
>  referral ldap://master.my.local
>
> but i have read that the slave should really be readonly, yet when i add
>
>  readonly on

I think you are confusing things... By "readonly" it is meant that people
shouldn't be able to write changes to the slave, only to the master.  If
you have correctly set up replication, this will be the case by default.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
